Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-1324 | 1 Cisco | 1 Spark | 2016-02-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| The REST interface in Cisco Spark 2015-06 allows remote attackers to cause a denial of service (resource outage) by accessing an administrative page, aka Bug ID CSCuv84125. | |||||
| CVE-2016-1303 | 1 Cisco | 16 500 Series Switch Firmware, Sf500-24, Sf500-24p and 13 more | 2016-02-24 | 7.8 HIGH | 7.5 HIGH |
| The web GUI on Cisco Small Business 500 devices 1.2.0.92 allows remote attackers to cause a denial of service via a crafted HTTP request, aka Bug ID CSCul65330. | |||||
| CVE-2016-1157 | 1 Log-chat Project | 1 Log-chat | 2016-02-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in log_chat.cgi in Script* Log-Chat before 2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-8269 | 1 Fisher-price | 1 Smart Toy Bear | 2016-02-24 | 6.5 MEDIUM | 7.5 HIGH |
| The API on Fisher-Price Smart Toy Bear devices allows remote attackers to obtain sensitive information or modify data by leveraging presence in an 802.11 network's coverage area and entering an account number. | |||||
| CVE-2015-8531 | 1 Ibm | 2 Security Access Manager 9.0 Firmware, Security Access Manager For Web 8.0 Firmware | 2016-02-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM Security Access Manager for Web 8.0 before 8.0.1.3 IF4 and 9.0 before 9.0.0.1 IF1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2015-5294 | 2016-02-23 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2016-0869 | 1 Microsys | 1 Promotic | 2016-02-23 | 7.1 HIGH | 5.0 MEDIUM |
| Heap-based buffer overflow in MICROSYS PROMOTIC before 8.3.11 allows remote authenticated users to cause a denial of service via a malformed HTML document. | |||||
| CVE-2014-0292 | 2016-02-22 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue requiring a CVE ID. Notes: none. | |||||
| CVE-2016-1151 | 1 Cybozu | 1 Office | 2016-02-22 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Cybozu Office 9.9.0 through 10.3.0 allow remote attackers to hijack the authentication of arbitrary users. | |||||
| CVE-2016-1152 | 1 Cybozu | 1 Office | 2016-02-22 | 5.5 MEDIUM | 5.4 MEDIUM |
| Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions, and read or write to plan data, via unspecified vectors, a different vulnerability than CVE-2015-8484, CVE-2015-8485, and CVE-2015-8486. | |||||
| CVE-2016-1150 | 1 Cybozu | 1 Office | 2016-02-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7797, CVE-2015-7798, and CVE-2016-1149. | |||||
| CVE-2016-1149 | 1 Cybozu | 1 Office | 2016-02-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7797, CVE-2015-7798, and CVE-2016-1150. | |||||
| CVE-2015-8797 | 1 Apache | 1 Solr | 2016-02-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/plugins.js in the stats page in the Admin UI in Apache Solr before 5.3.1 allows remote attackers to inject arbitrary web script or HTML via the entry parameter to a plugins/cache URI. | |||||
| CVE-2015-8795 | 1 Apache | 1 Solr | 2016-02-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in the Admin UI in Apache Solr before 5.1 allow remote attackers to inject arbitrary web script or HTML via crafted fields that are mishandled during the rendering of the (1) Analysis page, related to webapp/web/js/scripts/analysis.js or (2) Schema-Browser page, related to webapp/web/js/scripts/schema-browser.js. | |||||
| CVE-2015-8489 | 1 Cybozu | 1 Office | 2016-02-22 | 6.8 MEDIUM | 6.5 MEDIUM |
| customapp in Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to cause a denial of service (excessive database locking) via a crafted CSV file, a different vulnerability than CVE-2016-1153. | |||||
| CVE-2015-8488 | 1 Cybozu | 1 Office | 2016-02-22 | 4.3 MEDIUM | 4.3 MEDIUM |
| Cybozu Office 10.3.0 allows remote attackers to read image files via a crafted e-mail message, a different vulnerability than CVE-2015-8487. | |||||
| CVE-2015-8487 | 1 Cybozu | 1 Office | 2016-02-22 | 2.6 LOW | 4.3 MEDIUM |
| Cybozu Office 9.0.0 through 10.3 allows remote attackers to discover CSRF tokens via unspecified vectors, a different vulnerability than CVE-2015-8488. | |||||
| CVE-2015-8486 | 1 Cybozu | 1 Office | 2016-02-22 | 5.5 MEDIUM | 5.4 MEDIUM |
| Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions and read arbitrary report titles via unspecified vectors, a different vulnerability than CVE-2015-8484, CVE-2015-8485, and CVE-2016-1152. | |||||
| CVE-2015-8485 | 1 Cybozu | 1 Office | 2016-02-22 | 5.5 MEDIUM | 5.4 MEDIUM |
| Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions and read arbitrary posting titles via unspecified vectors, a different vulnerability than CVE-2015-8484, CVE-2015-8486, and CVE-2016-1152. | |||||
| CVE-2015-8484 | 1 Cybozu | 1 Office | 2016-02-22 | 5.5 MEDIUM | 5.4 MEDIUM |
| Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended calendar-viewing restrictions via unspecified vectors, a different vulnerability than CVE-2015-8485, CVE-2015-8486, and CVE-2016-1152. | |||||